From aa182609aeaa3bac3572f9e6a6487214b4f3fca9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=BC=A0=E5=B0=8F=E9=A3=9E?= <2624970078@qq.com>
Date: Sat, 29 May 2021 21:39:28 +0800
Subject: [PATCH] =?UTF-8?q?1.=E4=BF=AE=E6=94=B9main.py=E6=96=87=E4=BB=B6?=
 =?UTF-8?q?=E4=B8=AD=E7=9A=84verify=5Fuser=E5=87=BD=E6=95=B0=202.=E5=9C=A8?=
 =?UTF-8?q?UseSqlite.py=E6=96=87=E4=BB=B6=E4=B8=AD=E7=9A=84Sqlite3Template?=
 =?UTF-8?q?=E7=B1=BB=E4=B8=8B=E6=B7=BB=E5=8A=A0=E4=BA=86=E4=B8=89=E4=B8=AA?=
 =?UTF-8?q?=E5=87=BD=E6=95=B0instructions=5Fwith=5Fparameters=20do=5Fwith?=
 =?UTF-8?q?=5Fparameters=20operate=5Fwith=5Fparameters?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/UseSqlite.py | 14 ++++++++++++++
 app/main.py      |  4 ++--
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/app/UseSqlite.py b/app/UseSqlite.py
index d9b3f22..67133ce 100644
--- a/app/UseSqlite.py
+++ b/app/UseSqlite.py
@@ -31,6 +31,20 @@ class Sqlite3Template:
         self.connect(self.db_fname)
         self.instructions(self.query)
         self.operate()
+        
+    def instructions_with_parameters(self, query_statement, parameters):
+        self.query = query_statement
+        self.parameters = parameters
+
+    def do_with_parameters(self):
+        self.connect(self.db_fname)
+        self.instructions_with_parameters(self.query, self.parameters)
+        self.operate_with_parameters()
+
+    def operate_with_parameters(self):
+        self.conn.row_factory = sqlite3.Row
+        self.results = self.conn.execute(self.query, self.parameters) # self.query is to be given in the child classes
+        self.conn.commit()
 
         
 class InsertQuery(Sqlite3Template):
diff --git a/app/main.py b/app/main.py
index 1356f12..72f7b79 100644
--- a/app/main.py
+++ b/app/main.py
@@ -38,8 +38,8 @@ def load_freq_history(path):
 
 def verify_user(username, password):
     rq = RecordQuery(path_prefix + 'static/wordfreqapp.db')
-    rq.instructions("SELECT * FROM user WHERE name='%s' AND password='%s'" % (username, password))
-    rq.do()
+    rq.instructions_with_parameters("SELECT * FROM user WHERE name=? AND password=?", (username, password))
+    rq.do_with_parameters()
     result = rq.get_results()
     return result != []